Every year, more than 5,000 laptops are lost in taxis in London, New York, Chicago and other large cities. According to our research, in 2008 companies' topmost security investment was laptop encryption. Laptop hard drives are getting bigger and can now hold hundreds of thousands to hundreds of millions of sensitive records.
As a CSO, one of your top priorities is probably to keep your company off the front page of the news. Is it inexcusable to have laptops in the field with unencrypted hard drives? With such new open source solutions as TrueCrypt, there are few excuses left: All laptops must be fully encrypted.
Encryption technology is easy, but encryption solutions are hard. Key management and recovery make it difficult to manage large-scale encryption. Even low-cost encryption software for laptops can add up quite quickly if you deploy it on all laptops. Even if you can afford the cost of the software, however, you have to look at the complexity of the whole solution.
TrueCrypt, an open source encryption solution, now offers cross-platform (Windows, Mac, Linux), whole-disk encryption that is surprisingly easy to deploy and use. The software is slick, both in the initial installation and disk encryption and in its daily use. It's unobtrusive, has no noticeable impact on performance and requires almost no user training. Furthermore, it is free to use and free to modify. Even the smallest companies now have few excuses for not deploying whole-drive laptop encryption.
As with any offering, the challenge is recovery from a disk failure or password loss. TrueCrypt will create rescue CDs that can be used to recover from corrupted data and boot blocks. In addition, the rescue CD can be protected with a master administrator pass-phrase that is independent from the user pass-phrase. So, users can change passwords and administrators can still recover disks without knowing the user pass-phrase. Rescue CDs can be carried by users (you still need the pass-phrase to use the rescue CD) and also stored in a central location (a fireproof, locked safe).
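The recovery model described above, where an administrator pass-phrase keeps working after the user changes theirs, can be sketched as follows. This is an added, simplified example and not TrueCrypt's code or on-disk format: it assumes the disk is encrypted with a fixed master key that is stored in a header wrapped under a pass-phrase-derived key, uses a toy XOR wrap in place of a real cipher, and all names and pass-phrases are constructed.

```python
import hashlib, hmac, os
from typing import Optional

ITERATIONS = 50_000  # illustrative work factor

def _derive(passphrase: str, salt: bytes) -> bytes:
    # 64 bytes: first 32 mask the master key, last 32 key the integrity tag.
    return hashlib.pbkdf2_hmac("sha512", passphrase.encode(), salt, ITERATIONS, dklen=64)

def wrap_header(master_key: bytes, passphrase: str) -> dict:
    """Header = 32-byte master key wrapped under a passphrase-derived key (toy XOR wrap)."""
    salt = os.urandom(16)
    k = _derive(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, k[:32]))
    tag = hmac.new(k[32:], wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_header(header: dict, passphrase: str) -> Optional[bytes]:
    """Return the master key, or None if the passphrase does not fit this header."""
    k = _derive(passphrase, header["salt"])
    tag = hmac.new(k[32:], header["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, header["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(header["wrapped"], k[:32]))

def change_passphrase(header: dict, old: str, new: str) -> dict:
    """Re-wrap the same master key; the disk contents are not re-encrypted."""
    master_key = unwrap_header(header, old)
    if master_key is None:
        raise ValueError("wrong passphrase")
    return wrap_header(master_key, new)

def demo() -> dict:
    admin, user = "admin-passphrase-constructed", "user-passphrase-constructed"
    master_key = os.urandom(32)
    disk_header = wrap_header(master_key, admin)   # admin provisions the laptop
    rescue_copy = dict(disk_header)                # header backup kept in the safe
    disk_header = change_passphrase(disk_header, admin, user)  # user picks own passphrase
    return {
        "user_opens_disk": unwrap_header(disk_header, user) == master_key,
        "admin_opens_disk": unwrap_header(disk_header, admin) is not None,
        "admin_opens_rescue": unwrap_header(rescue_copy, admin) == master_key,
        "user_opens_rescue": unwrap_header(rescue_copy, user) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

In this model the rescue copy keeps opening the disk under the pass-phrase it was created with, no matter how often the user changes theirs, which is why it belongs in the locked safe alongside a strong administrator pass-phrase.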
Although data can be salvaged from an unencrypted drive even after heavy corruption, encrypted disks can become irrevocably corrupted. I would recommend combining TrueCrypt with a good backup solution, preferably an online (over-the-network) backup solution so as to be protected from data loss.
Comments (11)
By Andy Willingham on July 22, 2008, 3:57 pm
While I agree that it is a good idea to encrypt laptops, using TrueCrypt (which has no enterprise key management) is not a viable solution for many companies. Also...
Great until your data disappears on you
By Mike.D. on July 23, 2008, 12:07 pm
Having encrypted laptops and other media for many years, you feel quite secure in knowing that you are safe from laptop thieves...that is until you find out your...
Online Backups
By Anonymous on July 23, 2008, 5:27 pm
What are some options for online backup? How are other people backing up data that contains tax info, SSN numbers, bank/financial info? Are people really using...
Some thoughts about Truecrypt'd disks on laptops
By Anonymous on July 23, 2008, 6:02 pm
I manage a network for a small engineering firm. I have about ten field users with laptops. So of course I was excited when I found out that the latest version...
By Steve Pinkham on July 24, 2008, 11:50 am
Actually, Truecrypt has supported hibernation since version 5.1, released in March. Truecrypt 5.1a and 6.0 made changes that significantly decrease bootup speed,...
By Anon on July 25, 2008, 4:39 pm
One option is a backup server from WideBand. It uses encryption in transit to their site. If you want the backup encrypted end-to-end, you can use a GoldKey token.